Foundations of efficient and secure algorithm development for secure multiparty computation
Date
2024-07-11
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Turvaline ühisarvutus on meetod erinevate osapoolte privaatsete andmete kasutamiseks nii, et sisendite privaatsust säilitades saada ühiseid tulemusi. Intuitiivselt tähendab turvalisus, et sisendite kohta ei leki muud kui planeeritud arvutuse korrektne tulemus. Seega on vaja tagada, et arvutamise protsessi käigus ei lekiks rohkem informatsiooni kui see väljund annab. Töö fookuses on küsimus algoritmi võimalikest leketest ja nende välistamisest.
Algoritmi turvalisuse tõestamise klassikaline meetod näitab, et algoritmi tööd on võimalik jäljendada ilma privaatseid sisendeid teadmata. Kui jäljendamise tulemus ja algoritmi päris andmetega käitamine on eristamatud, ei saa keegi algoritmi jooksutamise ajal rohkem informatsiooni kui planeeritud väljund. Käesolev doktoritöö defineerib üldkuju, millele paljud turvalise ühisarvutuse protokollid vastavad. Seda üldkuju saab kasutada, et väiksematest protokollidest kombineerida suuremaid algoritme ning lihtsustada algoritmide turvalisuse tõestamist. Töö tuletab kitsendused, millele vastavate algoritmide puhul on detailse formaalse tõestuse asemel võimalik piirduda algoritmi käigus avalikustatud andmete analüüsimisega.
Sageli koosnevad rakendused alamprotokollidest, millel pole avalikku väljundit. Selliste komponentide puhul on tegelikult piisav, kui need säilitavad sisendite privaatsust. Sellise privaatuse ja turvalisuse definitsioonid on formaalselt erinevad ning seetõttu erinevad ka protokollid, mis neid omadusi saavutavad. Sageli on privaatsed protokollid lihtsamad ning ka privaatsuse omadust on lihtsam tõestada. Seetõttu võimaldab privaatsete komponentide ja turvaliste algoritmide eristamine luua parema jõudlusega turvalise ühisarvutuse rakendusi ja nende turvalisust lihtsamalt tõestada. Doktoritöö defineerib privaatuse omaduse ning näitab kuidas privaatseid protokolle saab kombineerida turvalistega, et luua turvalisi rakendusi.
Secure multiparty computation enables using different parties' private data to obtain collective results while preserving the privacy of the inputs. Intuitively, security means that nothing but the result of the computation is leaked about the inputs, and the result is always correct. It is necessary to consider whether the output from the computation is as desired. It is also necessary to ensure that no more information than this output provides is leaked during the computation. The issue of possible algorithm leaks and proving that there are none is the focus of this work. The classical method for proving the security of an algorithm shows that it is possible to imitate the algorithm's execution without knowing the private inputs. Such algorithm simulation ensures that no one gets more information than the planned output while running the algorithm. This thesis defines the canonical form for secure multiparty computation protocols. This canonical form can be used to combine more extensive algorithms from simpler protocols and to simplify proving the security of algorithms. The thesis derives natural limitations for secure multiparty computation algorithms. If the algorithm adheres to these limitations, then the formal security proof can be simplified to analyse the data revealed during the algorithm. Often, applications consist of subprotocols with no public output. For such components, it is sufficient to preserve the privacy of the inputs. The formal definitions of privacy and security differ, as do the protocols that achieve these properties. Private protocols are often simpler, and the privacy property is easier to prove. Therefore, distinguishing between private components and secure algorithms allows more efficient secure multiparty computation applications and more straightforward proof of their security. The doctoral thesis defines the privacy property. It shows how private protocols can be combined with secure ones to create secure applications.
Secure multiparty computation enables using different parties' private data to obtain collective results while preserving the privacy of the inputs. Intuitively, security means that nothing but the result of the computation is leaked about the inputs, and the result is always correct. It is necessary to consider whether the output from the computation is as desired. It is also necessary to ensure that no more information than this output provides is leaked during the computation. The issue of possible algorithm leaks and proving that there are none is the focus of this work. The classical method for proving the security of an algorithm shows that it is possible to imitate the algorithm's execution without knowing the private inputs. Such algorithm simulation ensures that no one gets more information than the planned output while running the algorithm. This thesis defines the canonical form for secure multiparty computation protocols. This canonical form can be used to combine more extensive algorithms from simpler protocols and to simplify proving the security of algorithms. The thesis derives natural limitations for secure multiparty computation algorithms. If the algorithm adheres to these limitations, then the formal security proof can be simplified to analyse the data revealed during the algorithm. Often, applications consist of subprotocols with no public output. For such components, it is sufficient to preserve the privacy of the inputs. The formal definitions of privacy and security differ, as do the protocols that achieve these properties. Private protocols are often simpler, and the privacy property is easier to prove. Therefore, distinguishing between private components and secure algorithms allows more efficient secure multiparty computation applications and more straightforward proof of their security. The doctoral thesis defines the privacy property. It shows how private protocols can be combined with secure ones to create secure applications.